Nudie Pics Hop a Ride on Thomas the Tank Engine

Written by

Judging from a new ransomware variant, a certain set of malware authors seems to have a beef with a mainstay of childhood: Thomas the Tank Engine and his mates on the Island of Sodor.

That said, these “cyber-criminals” also give every indication that they’re not too far off from playing with Thomas train sets themselves—I’m guessing the average age of the perps to be around 13.

Why, you ask? As detailed by Sophos, nRansom demands nudie photos—and uses thumbnails of Thomas with “F*** You!” scrawled across the top as its lock screen. One can almost hear the adolescent giggling in the air.

As Sophos explained:

“Unlike ransomware such as Locky or WannaCry, nRansom won’t encrypt your files. It’s a screen locker that tries to stop you from accessing the things on your computer by locking the screen until you do as it asks.”

And what does it ask? Naked pics of babes, of course!

Here’s what the ransom note says, misspellings and all:

Your computer has been locked. You can only unlock it with the special unlock code. go to protonmail.com and create an account. Send an entail to [redacted]. We will not respond immediatly. After we reply, you must send at least 10 nude pictures of you. After that we will have to verify that the nudes belong to you. Once you are verified, we will give you your unlock code and sell your nudes on the deep web.”

But the hilarious part? The lock code is….drumroll….

12345.

Yep. The worst password, like, ever.

SophosLabs researcher Dorka Palotay postulated that nRansom is just “a test or a joke.”

Or the work of bored 13-year-olds hoping they’ll get lucky with some nude pics. I’m going with that.


Have you registered for Infosecurity North America taking place in Boston, 04-05 October 2017? For the full agenda, speaker list and more information, please visit https://www.infosecurity-magazine.com/conferences/infosecurity-north-america/


What’s hot on Infosecurity Magazine?